New research shows IoT and OT innovation is critical to business but comes with significant risks

The need for much improved IoT and operational technology OT cybersecurity became clearer this year with recent attacks on network devices,1 surveillance systems,2 an oil pipeline,3 and a water treatment facility,4 to name a few examples. To better understand the challenges customers are facing,...

Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit HLK compatibility tests, malware scanning, and prove their identity through extended validation EV certificates. This has significantl...

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure

In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.1 This caused a massive disruption of the fuel...

NICKEL targeting government organizations across Latin America and Europe

The Microsoft Threat Intelligence Center MSTIC has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations NGOs across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016...

Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense

Todays threat landscape is incredibly fast-paced. New campaigns surface all the time, and the amount of damage that they can cause is not always immediately apparent. Security operations centers SOCs must be equipped with the tools and insight to identify and resolve potentially high-impact threa...

Behind the unprecedented effort to protect customers against the NOBELIUM nation-state attack

This is the third in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pul...

How Red Canary and Microsoft can help reduce your alert fatigue

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Security alert fatigue Organizations often feel overwhelmed by the number of security alerts they receive. Frustrated by alert fatigue, these organizations want a deeper understandin...

Stay safe online this holiday shopping season with tips from Microsoft

You may have already noticed this holiday shopping season feels different than those we’ve had before. Headlines about supply chain issues, worker shortages, costs rising—all while the pandemic continues to impact our lives. In my own inbox, I saw emails from brands touting Black Friday sales as...

MVP Health Care secures member portal access with Microsoft Azure Active Directory B2C

Hello! I’m Sue Bohn, Microsoft Vice President of Program Management for Identity and Network Access. In today’s Voice of the Customer blog post, Chief Technology Officer and Chief Information Security Officer David Swits of MVP Health Care shares how Microsoft Azure Active Directory B2C helped th...

How to investigate service provider trust chains in the cloud

In a recent Microsoft blog post, we documented technical guidance for organizations to protect themselves from the latest NOBELIUM activity that was found to target technology service providers, which are privileged in their downstream customer tenants, as a method to gain access to their...

Join us at InfoSec Jupyterthon 2021

We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...

Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses

The security stakes have never been higher and, consequently, the protection of endpoints as a key component of any extended detection and response XDR strategy has never been more critical—for organizations of all sizes. Microsoft is thrilled to be recognized as a Leader in IDC’s MarketScape...

Microsoft unpacks comprehensive security at Gartner and Forrester virtual events

Every day, Microsoft is committed to maintaining comprehensive security for all across our interconnected global community. With that purpose in mind, we recently sponsored the 2021 Gartner Security and Risk Summit and 2021 Forester Security and Risk Forum, where we discussed ongoing changes in t...

Iranian targeting of IT sector on the rise

Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain...

Adopting a Zero Trust approach throughout the lifecycle of data

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust...

Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365

Sophisticated cyberattacks are on the rise, with email phishing as the most common attack vector. We’ve seen it all over the news with stories like Hafnium that targeted Exchange servers1 or the Nobelium attack against SolarWinds,2 which show just how easy it is for bad actors to distribute a...

The importance of identity and Microsoft Azure Active Directory resilience

I love hearing my colleagues explain how they came to the industry because so many of their stories are unusual. I’m surprised how often I hear that people got into computer science by some fortuitous accident. Although he loved computers from the time he was a kid, Oren Melzer never expected to...

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center MSTIC has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state...

How Open Systems uses Microsoft tools to improve security maturity

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. We’ve all seen it happen—an organization has all the top-notch security tools in place and still, they get breached. In today’s rapidly evolving threat landscape, complexity leads to...

AI-driven adaptive protection against human-operated ransomware

In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we...

How to assess and improve the security culture of your business

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cygenta Co-founder and Co-Chief...

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans RATs, and other payloads related to targeted attacks. Notably, this technique was observe...

The hunt for NOBELIUM, the most sophisticated nation-state attack in history

This is the second in a four-part blog series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM”...

Microsoft is a 5-time Leader in the Gartner Magic Quadrant for Access Management

We are honored that Gartner recognized Microsoft as a Leader in Gartner® Magic QuadrantTM for Access Management in Microsoft Azure Active Directory Azure AD. In addition, Microsoft has placed the farthest right on the “Completeness of Vision” axis. None of this is possible without you, our...

Microsoft is recognized as a Leader in the 2021 Forrester Wave for Unified Endpoint Management

Microsoft is honored to be recognized as a Leader in The Forrester Wave: Unified Endpoint Management UEM, Q4 2021 report for our ability to help customers on their path to modern endpoint management. Microsoft Endpoint Manager—which brings together Microsoft Intune for cloud endpoint management a...

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...

Learn how Microsoft strengthens IoT and OT security with Zero Trust

As cyber threats grow more sophisticated and relentless, the need for Cybersecurity Awareness Month becomes more urgent every year. As part of our year-round commitment to security for all, Microsoft continues to track numerous incidents targeting both digital and physical operations for many...

Discover what’s new and gain technical expertise from MISA at Ignite

It’s hard to believe we’re so close to the end of another year, and what a year it’s been. For too brief a time in some places, our masks were tossed away, only to find us digging them out of drawers again not long after. But masked up or not, it’s been good to see local restaurants buzzing with...

Evolving Zero Trust—Lessons learned and emerging trends

Looking back at the last two years, to say that our security strategies have evolved would be an understatement. Organizations around the world made overnight transitions to remote work models in response to a global pandemic, forcing them to reassess attack surface areas as they underwent an...

Protect your business with Microsoft Security’s comprehensive protection

Securing an organization has never been simple. But over the past year, we’ve seen significant changes in the threat landscape that are having a major impact on organizations of every size in every sector. The frequency and sophistication of cyber events have increased significantly. We see...

How Microsoft Defender for IoT can secure your IoT devices

Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks specifically targeting IoT devices used in enterprise environments as well as operational technology OT devices used in industrial systems and critical infrastructure like ICS/SCADA. It’s not surprisi...

Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection

Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection SIP in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared...

New insights on cybersecurity in the age of hybrid work

As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the mo...

Protect your business from password sprays with Microsoft DART recommendations

Over the past year, the Microsoft Detection and Response Team DART, along with Microsoft’s threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector. This threat is a moving target with techniques and tools always changing, and Microsoft continues to fin...

Microsoft Digital Defense Report shares new insights on nation-state attacks

Microsoft is proud to promote Cybersecurity Awareness Month as part of our ongoing commitment to security for all. Year-round, Microsoft tracks nation-state threat activities to help protect organizations and individuals from these advanced persistent actors. We’re constantly improving our...

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center MSTIC has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers CSP, managed service providers MSP, and other IT services organizations...

How Microsoft is partnering with vendors to provide Zero Trust solutions

As workplaces around the world embrace hybrid work, Zero Trust provides the guiding strategy that keeps companies secure. However, no two organizations are alike. The Zero Trust journey will look unique for every organization that implements it. This means we must work together to create solution...

Defenders wanted—building the new cybersecurity professionals

As part of Cybersecurity Awareness Month, we published a special blog post earlier this week featuring real-world experiences shared by cybersecurity professionals: people with diverse backgrounds in law, academia, software development, and other seemingly unrelated fields. This topic is near and...

Franken-phish: TodayZoo built from other phishing kits

A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today. We uncovered th...

New Microsoft Sysmon report in VirusTotal improves security

Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage,...

Simplifying the complex: Introducing Privacy Management for Microsoft 365

The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is...

Microsoft achieves a Leader placement in Forrester Wave for XDR

We are excited to share that Microsoft has been named a Leader in The Forrester New Wave: Extended Detection and Response XDR, Q4, 2021,1 receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria including detection,...

Get career advice from 7 inspiring leaders in cybersecurity

Are you currently studying information security? Or are you considering transitioning to a career in cybersecurity? According to the US Bureau of Labor Statistics, cybersecurity jobs will grow 31 percent from 2019 to 2029—more than six times the national average job growth.1 Cybersecurity skills...

archTIS and Microsoft: Zero Trust information security for Microsoft Teams

Microsoft Teams has seen a surge in growth during the pandemic with over 115 million daily active users and growing.1 With it, customer imperative for enabling safe and trustworthy online collaboration has also increased significantly. The speed and simplicity of Teams business users creating new...

Azure network security helps reduce cost and risk according to Forrester TEI study

As organizations move their computing from on-premises to the cloud, they realize that leveraging cloud-native security tools can provide additional cost savings and business benefits to their security infrastructure. Microsoft Azure network security offers a suite of cloud-native security tools ...

How cyberattacks are changing according to new Microsoft Digital Defense Report

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare,1 information technology,2 financial services,3 energy sectors4—with headline-grabbing attacks that crippled businesses and harmed consumers. But there are...

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center MSTIC first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technolog...

Microsoft’s 5 guiding principles for decentralized identities

Three years ago, as part of Microsoft’s mission to empower people and organizations to achieve more, we announced that we were incubating a new set of decentralized identity technologies based on a simple vision: Each of us needs a digital identity we own, one which securely and privately stores...

Practical tips on how to use application security testing and testing standards

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Daniel Cuthbert, Global Head of Security...

Windows 11 offers chip to cloud protection to meet the new security challenges of hybrid work

As the world has changed over the past 18-months, companies have been wrestling with ways to keep employees and data protected as they support new ways of hybrid working. We built Windows 11 to be the most secure Windows yet with built-in chip to cloud protection that ensures company assets stay...